KVM: arm64: Prevent NV feature flag on systems w/o nested virt

It would appear that userspace can select the NV feature flag regardless
of whether the system actually supports the feature. Obviously a nested
guest isn't getting far in this situation; let's reject the flag
instead.

Link: https://lore.kernel.org/r/20230920195036.1169791-6-oliver.upton@linux.dev
Signed-off-by: Oliver Upton <oliver.upton@linux.dev>

diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c
index ab866a7370a3162636114119fa3545a1ff9bfe36..a791809fb1a1044e22c16208b52f0f3b9d10a02d 100644 (file)
--- a/arch/arm64/kvm/arm.c
+++ b/arch/arm64/kvm/arm.c
@@ -1208,6 +1208,9 @@ static unsigned long system_supported_vcpu_features(void)
                clear_bit(KVM_ARM_VCPU_PTRAUTH_GENERIC, &features);
        }
 
+       if (!cpus_have_final_cap(ARM64_HAS_NESTED_VIRT))
+               clear_bit(KVM_ARM_VCPU_HAS_EL2, &features);
+
        return features;
 }